Comments on: Would you use temporary / generic user accounts? How do u deal with this regarding compliancehttp://itknowledgeexchange.techtarget.com/itanswers/would-you-use-temporary-generic-user-accounts-how-do-u-deal-with-this-regarding-compliance/
Tue, 03 Mar 2015 16:25:46 +0000hourly1By: ocarmonahttp://itknowledgeexchange.techtarget.com/itanswers/would-you-use-temporary-generic-user-accounts-how-do-u-deal-with-this-regarding-compliance/#comment-47257
Thu, 23 Feb 2006 08:14:40 +0000#comment-47257Thank you guys this helps alot. I actually have a better concept about this know… it’s about proof and accountability.

I will no use generic accounts, I rather just create an individual account for someone.

]]>By: terexrbhttp://itknowledgeexchange.techtarget.com/itanswers/would-you-use-temporary-generic-user-accounts-how-do-u-deal-with-this-regarding-compliance/#comment-47258
Thu, 23 Feb 2006 07:38:02 +0000#comment-47258Sox 404 has some min requirments and you can get help with this all over the web. (ITTLCommunity.com, sarbanes-oxley-101.com)

The core issue is that you may have to prove to an auditor who the actual person was (Monday temp won’t do). You need to show them the person name, the security you gave them and that the security was reviewed by their manager.

This is almost impossible to do with generic accounts.

]]>By: checksixhttp://itknowledgeexchange.techtarget.com/itanswers/would-you-use-temporary-generic-user-accounts-how-do-u-deal-with-this-regarding-compliance/#comment-47259
Wed, 22 Feb 2006 08:20:06 +0000#comment-47259We got dinged pretty hard for generic accounts, even those not related to sensitive, or “in scope” systems or apps. Depends on the auditor and how they interpret SOX in many cases, but it gives them one more thing to look into.
While managing accounts for temps is more work on the front end, after three years of SOX and GLBA audits it is worth it on the back-end.
CheckSix, CISSP
]]>